Major Regulatory Changes Needed as Safety and Security Merge, Warns European Commission Report

University of Cambridge's Professor Ross Anderson explains why safety should be higher on the agenda than privacy. (From the Computerphile YouTube channel)

As we increasingly move towards an IoT world, vendors of safety-critical devices will be patching their systems just as regularly as phone and computer vendors do now. Researchers warn that many regulators who previously thought only in terms of safety will have to start thinking of security as well. A report from a recent project, conducted for the European Commission by a research group at the Computer Laboratory of the University of Cambridge, examines what will happen to safety regulation once computers are embedded invisibly everywhere. This will require major changes to safety regulation and certification, the report warns.

"At present, the regulation of safety is largely static, consisting of pre-market testing according to standards that change slowly if at all. Product recalls are rare, and feedback from post-market surveillance is slow, with a time constant of several years. In the future, safety with security will be much more dynamic; vendors of safety-critical devices will patch their systems once a month, just as phone and computer vendors do now. This will require major changes to safety regulation and certification, made more complex by multiple regulatory goals. For these reasons, a multi-stakeholder approach involving co-vigilance by multiple actors is inevitable."

"The EU is already the world's main privacy regulator, as Washington doesn't care and nobody else is big enough to matter ... The strategic political challenge facing the European Union is whether it wants to be the world's safety regulator. If it rises to this challenge, then just as engineers in Silicon Valley now consider Europe to be the world's privacy regulator, they will defer to Europe on safety too. The critical missing resource is expertise on cybersecurity, and particularly for the European regulators and other institutions that will have to adapt to this new world."

"The strategic research challenge will include how we make systems more sustainable. At present, we have enough difficulty creating and shipping patches for two-year-old mobile phones. How will we continue to patch the vehicles we're designing today when they are 20 or 30 years old? How can we create toolchains, libraries, APIs and test environments that can be maintained not just for years but for decades?"
